Bug #24131
open
rgw: add Content-MD5 check and related permissions check for object tagging
Description
add Content-MD5 value check for RGWPutObjTags
Amazon S3 checks the Content-MD5 value when putting tags on an existing object, but RGW doesn't.

rgw: add s3PutObjectTagging permission check when put obj with tags
According to S3 [1], the requester must have the s3:PutObjectTagging permission when specifying tags on an object.
[1] https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUT.html

rgw: add RGWGetObj permission check when return 'x-amz-tagging-count'
According to S3 [1], when the response returns the 'x-amz-tagging-count' header, the requester should have permission to read object tags.
S3 [1] says, "Assuming you have permission to read object tags (permission for the s3:GetObjectVersionTagging action)", which is kind of inaccurate. When a versionid is not specified in the request, you should have the s3:GetObjectTagging permission to read object tags. Otherwise, both the s3:GetObjectVersion and s3:GetObjectVersionTagging permissions should be provided.
[1] https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html
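
The three checks described in this report, modelled as an added Python example; it is not RGW code and not part of the original report. The function names, the sample body, and the use of the S3 error codes `InvalidDigest` and `BadDigest` for the two failure cases are assumptions of this sketch, and handling of a missing Content-MD5 header is left out.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample request body for a put-tags request.
SAMPLE_BODY = (b"<Tagging><TagSet><Tag><Key>env</Key>"
               b"<Value>prod</Value></Tag></TagSet></Tagging>")

def content_md5(body):
    """Content-MD5 header value: base64 of the raw 16-byte MD5 digest."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")

def check_content_md5(header_value, body):
    """Return None when the header matches the body, else an error code."""
    try:
        claimed = base64.b64decode(header_value, validate=True)
    except (binascii.Error, ValueError):
        return "InvalidDigest"      # not valid base64
    if len(claimed) != 16:
        return "InvalidDigest"      # valid base64, but not an MD5 digest
    if not hmac.compare_digest(claimed, hashlib.md5(body).digest()):
        return "BadDigest"          # digest does not match received body
    return None

def put_object_actions(has_tagging):
    """Actions needed for a PUT object, with or without tags in the request."""
    actions = {"s3:PutObject"}
    if has_tagging:
        actions.add("s3:PutObjectTagging")
    return actions

def may_return_tagging_count(granted, version_id=None):
    """Decide whether a GET response may carry 'x-amz-tagging-count'."""
    if version_id is None:
        needed = {"s3:GetObjectTagging"}
    else:
        needed = {"s3:GetObjectVersion", "s3:GetObjectVersionTagging"}
    return needed <= set(granted)

if __name__ == "__main__":
    print(check_content_md5(content_md5(SAMPLE_BODY), SAMPLE_BODY))
    print(sorted(put_object_actions(has_tagging=True)))
    print(may_return_tagging_count({"s3:GetObject"}))
```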